Despite marketing themselves as not collecting users data, the companies were discovered to be harvesting data, plus storing it in an unsecured backend server. The news comes as a reminder that while some VPNs may be free, you could pay a price by trusting them with your data. Looking for a safe VPN? Check out our guide to the top 10 most secure VPNs of 2020 The results of the discovery are shocking for two reasons. Firstly, sensitive user data was left on unencrypted servers, meaning that it was easily accessible. But more alarmingly, the data should never have been there in the first place, as the VPNs investigated all claim to be “zero log” solutions. In theory, this means that they don’t collect data on users. The information available, in plain text, included:
usernamespasswordsemail addresseshome addressesdevice informationBitcoin accounts
According to the group, this data included the personal details of up to 20 million users. The files came to a whopping 1.2TB of data, and included 1,083,997,361 files. As for the impact of this data falling into the wrong hands, the database represented a goldmine for scammers, opening up the users to fraud, blackmail, impersonation, doxing, hacking and more. And that’s before considering the implications of states being able to learn details of VPN users. In China itself, for example, it’s illegal to use a VPN. The apps found to be using the unencrypted servers are:
UFO VPNFast VPNSuper VPNFree VPN
Needless to say, if you are currently using one of these apps, we recommend uninstalling it immediately, and changing any passwords that you may have used with the software. All these VPNs are still available on the Google Play Store, and between them have millions of users. As part of their research, vpnMentor reached out to the parent companies of these apps and informed them of its findings, before going public with its report. The responses were, on the whole, dismissive, and denied any issue. One company, UFO VPN stated: However, the evidence collected by vpnMentor strongly disputes this response from the company. It was able to do this by signing up for the VPN service itself, and then searching the unsecured server again, where it found the newly made account, complete with unprotected username and password stored in plain text. Free VPNs tend to be slower, host advertising, and generally not offer much in the way of features. So, they really don’t have much going for them. If you are tempted by a free VPN, we’d strongly recommended opting for one that’s based out of Hong Kong, like the ones named in the report. Due to a recent change in law, those found guilty of secession or subversion can be imprisoned for life – making operating and using a VPN there much higher risk. In fact, many VPNs, such as US-owned IPVanish and Private Internet Access, have actually pulled their Hong Kong servers as a direct result of these changes.
Secure VPNs from under $3 per month
The best way to ensure that your online activities remain secure and unexposed is with a paid for VPN service. The cost isn’t prohibitive, starting at a few dollars a month, and they offer a wealth of features, servers, and fast download speeds. Some even offer military grade security. In our table below, you can see our recommendations for the best secure VPNs you can choose, with prices beginning from under $3 per month:
